Happy Holidays

It’s that time of year again when most of the offices around Microsoft start going dark, and I’ll be adding 42/2221 to that list for the next couple of weeks as I head off to New York for Christmas.  My traditional weather.com check shows that I should be expecting a 19 degree drop in temperature…

2

What Do You Want to See in Crypto / ClickOnce?

Now that Whidbey’s out the door, it’s time to look at what we want to do in future releases.  If you’ve run into any issues with the crypto classes or with ClickOnce let me know!  You can leave comments here or file requests in the MSDN Product Feedback Center. Even though I’m focusing on crypto…

7

New and Improved Security in the .NET Framework 2.0

To add to our other lists of “What’s New in Whidbey Security”, Rudolph Araujo and Shanit Gupta have a nice roundup of new security features posted on the Microsoft .NET Framework Developer Center.  They’ve got them categorized, summarized, and provide links for more details.  Seems like this is a good candidate for a bookmark for the…

3

Process Requires FullTrust

The Process class has a LinkDemand and an InheritenceDemand for FullTrust on it.  This means that if your assembly is not fully trusted, it will be unable to kick off new Processes or get information about running processes.  One implication is that assemblies which do not have SkipVerification permission will not be able to work…

6

Authenticode and Assemblies

The general concepts of Authenticode signing an assembly are well understood — they mostly correlate directly to the standard Win32 concept of a signed catalog.  However, there are a few places where managed code plays differently, and sometimes these catch people off guard. Authenticode Signatures and Strong Name Signatures These two signatures are completely independent of…

13

A Look at the Xbox 360 CPU Design

Jeffery Brown has posted his paper on the Xbox 360 CPU Design from the Fall Processor Forum over on IBM’s DeveloperWorks.  Since I have my degree in hardware design, I always find these types of things interesting.  While this paper is at a relatively high level, I still found several of the details fun to read about. Especially…

2

CryptEncrypt and RSACryptoServiceProvider::Encrypt

The RSACryptoServiceProvider class provides two methods, Encrypt and Decrypt which seem to be the managed counterparts to CAPI’s CryptEncrypt and CryptDecrypt functions.  However, if you try to encrypt using CAPI and decrypt using managed code, you’ll end up with a CryptographicException saying “bad data”.  What’s going on here? Since v1.0 of the runtime, the output from…

10

Why Can’t I See My Partially Trusted ClickOnce Applications in Task Manager?

If you’re developing a partial trust ClickOnce application and are looking for its process in Task Manager or Process Explorer, you might be surprised that you can’t find it listed anywhere.  What you will see however is a process named AppLaunch.exe.  AppLaunch is a small shim tool who’s entire purpose in life is to turn around…

0

Where Does the Stack Walk Start or: Why Do Demands from Main Always Succeed?

When starting to play with CAS a lot of people come up with toy programs that simply do a Demand for some permission or another, then copy that program to various locations that will cause it to be granted different permission sets.  It’s generally a surprise when those demands pass, even though caspol confirms that…

3

Finding the Source Code for an Assembly

Sometimes, especially when working on large projects (such as, I don’t know, say … the CLR), you find yourself debugging a problem where you don’t know where a component is built from.  Depending on the problem, it might be useful to get to the sources of the assembly to help diagnose what the issue is…

2